diff --git a/libresapi/src/api/ApiServerMHD.cpp b/libresapi/src/api/ApiServerMHD.cpp
index a2613812c..898105b60 100644
--- a/libresapi/src/api/ApiServerMHD.cpp
+++ b/libresapi/src/api/ApiServerMHD.cpp
@@ -6,6 +6,8 @@
 #include
 #include
+#include
+
 // for filestreamer
 #include
@@ -70,7 +72,7 @@ namespace resource_api{
 std::string getDefaultDocroot()
 {
- return RsAccounts::DataDirectory() + "/webui";
+ return RsAccounts::DataDirectory(false) + "/webui";
 }
 const char* API_ENTRY_PATH = "/api/v2";
@@ -403,6 +405,21 @@ static void sendMessage(MHD_Connection *connection, unsigned int status, std::st
 MHD_destroy_response(resp);
 }
+// convert all character to hex html entities
+static std::string escape_html(std::string in)
+{
+ std::string out;
+ for(int i = 0; i < in.size(); i++)
+ {
+ char a = (in[i]&0xF0)>>4;
+ a = a < 10? a+'0': a-10+'A';
+ char b = (in[i]&0x0F);
+ b = b < 10? b+'0': b-10+'A';
+ out += std::string("&#x")+a+b+";";
+ }
+ return out;
+}
+
 ApiServerMHD::ApiServerMHD(ApiServer *server): mConfigOk(false), mDaemon(0), mApiServer(server)
 {
@@ -589,8 +606,12 @@ int ApiServerMHD::accessHandlerCallback(MHD_Connection *connection,
 #endif
 if(fd == -1)
 {
-#warning sending untrusted string to the browser
- std::string msg = "
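Review bot: In `escape_html` (the hunk at `@@ -403,6 +405,21 @@`) the loop turns every byte into its own `&#x..;` reference, so a multi-byte UTF-8 file name comes out as one entity per byte and the browser will most likely display different characters than the path that was requested. The output stays inert as markup, which is the property the 404 page needs, but the comment should say what is really encoded, for example `// encode every byte as a hex character reference so the browser never parses it as markup; bytes are not decoded as UTF-8`. The loop also compares a signed `int i` with `in.size()` and the argument is copied on every call; `static std::string escape_html(const std::string& in)` together with `for(std::string::size_type i = 0; i < in.size(); i++)` removes both.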

Error: can't open the requested file. Path is ""+filename+""

"; + std::string direxists; + if(RsDirUtil::checkDirectory(mRootDir)) + direxists = "directory ""+mRootDir+"" exists"; + else + direxists = "directory ""+mRootDir+"" does not exist!"; + std::string msg = "

Error: can't open the requested file. path=""+escape_html(filename)+""

"+direxists+"

"; sendMessage(connection, MHD_HTTP_NOT_FOUND, msg); return MHD_YES; } diff --git a/libretroshare/src/retroshare/rsinit.h b/libretroshare/src/retroshare/rsinit.h index f3b04c2e5..9e5cd4bfc 100644 --- a/libretroshare/src/retroshare/rsinit.h +++ b/libretroshare/src/retroshare/rsinit.h @@ -132,7 +132,13 @@ namespace RsAccounts { // Directories. std::string ConfigDirectory(); // aka Base Directory. (normally ~/.retroshare) - std::string DataDirectory(); // you can call this method even before initialisation (you can't with the other methods) + /** + * @brief DataDirectory + * you can call this method even before initialisation (you can't with the other methods) + * @param check if set to true and directory does not exist, return empty string + * @return path where global platform independent files are stored, like bdboot.txt or webinterface files + */ + std::string DataDirectory(bool check = true); std::string PGPDirectory(); std::string AccountDirectory(); diff --git a/libretroshare/src/rsserver/rsaccounts.cc b/libretroshare/src/rsserver/rsaccounts.cc index 31e00b33b..efbc33a87 100644 --- a/libretroshare/src/rsserver/rsaccounts.cc +++ b/libretroshare/src/rsserver/rsaccounts.cc @@ -743,7 +743,7 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma //#include #endif -/*static*/ std::string RsAccountsDetail::PathDataDirectory() +/*static*/ std::string RsAccountsDetail::PathDataDirectory(bool check) { std::string dataDirectory; @@ -809,6 +809,9 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma #endif /******************************** WINDOWS/UNIX SPECIFIC PART ******************/ + if(!check) + return dataDirectory; + /* Make sure the directory exists, else return emptyString */ if (!RsDirUtil::checkDirectory(dataDirectory)) { 
@@ -1246,7 +1249,7 @@ bool RsInit::LoadPassword(const std::string& id, const std::string& inPwd)
 // Directories.
 std::string RsAccounts::ConfigDirectory() { return rsAccounts->PathBaseDirectory(); }
-std::string RsAccounts::DataDirectory() { return RsAccountsDetail::PathDataDirectory(); }
+std::string RsAccounts::DataDirectory(bool check) { return RsAccountsDetail::PathDataDirectory(check); }
 std::string RsAccounts::PGPDirectory() { return rsAccounts->PathPGPDirectory(); }
 std::string RsAccounts::AccountDirectory() { return rsAccounts->PathAccountDirectory(); }
diff --git a/libretroshare/src/rsserver/rsaccounts.h b/libretroshare/src/rsserver/rsaccounts.h
index adce7bd2f..7f1fa9d3a 100644
--- a/libretroshare/src/rsserver/rsaccounts.h
+++ b/libretroshare/src/rsserver/rsaccounts.h
@@ -74,7 +74,12 @@ class RsAccountsDetail
 bool checkAccountDirectory();
 // Paths.
- static std::string PathDataDirectory();
+ /**
+ * @brief PathDataDirectory
+ * @param check if set to true and directory does not exist, return empty string
+ * @return path where global platform independent files are stored, like bdboot.txt or webinterface files
+ */
+ static std::string PathDataDirectory(bool check = true);
 std::string PathBaseDirectory();
 // PGP Path is only dependent on BaseDirectory.